OPA Secrets challenge (category: web, level: hard)
OPA Secrets Challenge
Step 1: On opening the challenge, a login screen would come up.
Step 2: We first need to set up an account in order to access the OPA Secrets portal. So, signup with any random username and password.
Sign Up Screen
Step 3: Now login using the credentials with which new account was created.
Step 4: On logging in, OPA Secrets dashboard will come up.
OPA Secrets Dashboard
Step 5: There are 2 tabs on the dashboard, in the secrets tab, it gives the functionality to create and save our secrets. On visiting the Security tab, it gives us info about the algorithm that is used in keeping this secrets secure. Also a Github link is mentioned where we can see the source code of this open source OPA Secrets algorithm.
Step 6: Open the github link (congon4tor/opa_secrets: Secret manager using Open Policy Agent (github.com) and open the app.py script (opa_secrets/app/app.py).
Step 7: Now carefully observe the script. We can see that 3 different users have been created
Read the article